Network protocol analysis (also known as network monitoring, network traffic analysis, protocol analysis, sniffing, packet analysis, eavesdropping etc) is the process of capturing network traffic passing through the wire and inspecting it to troubleshoot the network problems. A network protocol analyzer decodes the data packets of network protocols and displays the network traffic in readable format. A network protocol analyzer has many uses. Some of them are
• Troubleshooting network problems.
• Analyzing the performance of a network.
• Network intrusion detection and detection of worms, viruses, compromised computers and other types of network attacks.
• Logging network traffic for forensics and evidence.
• Analyzing the operations of applications.
Sniffers are dangerous to network security because they can catch the network traffic and read unencrypted data from network which makes them a favorite weapon of network intruders. Network intruders use snifﬁng to capture conﬁdential information (unencrypted) over the network. Network intruders can use sniffers for capturing usernames and passwords which are sent unencrypted, mapping the usage patterns of the users on a network, Capturing VoIP telephone conversations, Mapping the network etc.
Note: The term "Sniffer" was a registered trade mark of Network General. Network General later merged with NetScout Systems Inc.